Can we get your domain name so I can look? There are many ways that hackers can get your username. The scan is just one of them. Also please confirm you are using the latest version of Wordfence.
tim
Hi. The domain name is karmicallycoaching.com and I am using the latest version of Wordfence.
I happened to be working on my website at the time but before logging out, I noticed that an IP 37.122.211.118 had tried author= 8 times. I blocked it.
Just a few minutes later, the attacks started at 8.18 pm Indian Standard Time on Wednesday and continued till 4.03 am Indian Standard Time this morning. The first IP that I saw who tried to log in was 109.104.79.213.
Fortunately the bot made a small mistake, but this is very frightening!
Other than this incident, I love Wordfence and cannot reiterate how many times this plugin has protected my website.
Warm regards
Vatsala
Just went to your site and tested this. The string essentially does nothing now. It just redirects to the main page, which is what we did intentionally. (My IP tried authors 8, 5, and 1, in case you were looking.) I’m guessing they were able to get the name some other way. I’d make sure your display name is set to something other than your username, that you enabled the option to turn off errors in the login (Wordfence options page, login security) so that invalid usernames don’t show that they are, etc.
tim
Hi Tim,
Thanks for looking into this. At least now I know, when I was trying to log out once I knew there was an attack going on, why I was being taken to my 404 page, which also had me concerned.
My settings have been set up for best practice as per Wordfence and comply with what you have written. The only thing I am wondering is that my security level is set at custom. Do I need to change that?
There is one setting I can change for instant lockout if the wrong user name is used. I’ll have to understand that a bit better.
Thanks again,
Vatsala
Instant lockout for wrong usernames is good unless you have a lot of users. If you have a lot of users, you run the risk of having to unlock people all the time for typing in the username wrong.
The security level is custom because you have changed values in it. It's fine the way it is. :))
tim
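
A way to check an access log for the pattern discussed in this thread (a burst of ?author=N requests followed by login attempts), as an added example that is not part of the original posts or of Wordfence. The log lines, IP addresses and the function name correlate are constructed for illustration. Because the scanning address and the first login address in the thread differed, login attempts are matched to the scan by time, not by IP.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in common log format (documentation IP ranges only).
SAMPLE_LOG = """\
192.0.2.50 - - [10/Jun/2015:19:00:00 +0530] "GET /?author=2 HTTP/1.1" 302 0
203.0.113.7 - - [10/Jun/2015:20:10:01 +0530] "GET /?author=1 HTTP/1.1" 302 0
203.0.113.7 - - [10/Jun/2015:20:10:02 +0530] "GET /?author=2 HTTP/1.1" 302 0
203.0.113.7 - - [10/Jun/2015:20:10:03 +0530] "GET /?author=3 HTTP/1.1" 302 0
203.0.113.7 - - [10/Jun/2015:20:10:04 +0530] "GET /?author=4 HTTP/1.1" 302 0
198.51.100.23 - - [10/Jun/2015:20:18:30 +0530] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [10/Jun/2015:20:18:31 +0530] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.99 - - [10/Jun/2015:23:30:00 +0530] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.99 - - [10/Jun/2015:23:30:05 +0530] "GET /about/ HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
AUTHOR_RE = re.compile(r'[?&]author=\d+')

def correlate(log_text, min_probes=3, window=timedelta(hours=1)):
    """Map each IP with >= min_probes ?author=N requests to its probe count
    and to the IPs that POSTed to wp-login.php within `window` of its last probe."""
    probes = defaultdict(list)   # ip -> timestamps of ?author=N requests
    logins = []                  # (ip, timestamp) of login form submissions
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue             # skip lines that are not in the expected format
        ip, ts, method, path, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if AUTHOR_RE.search(path):
            probes[ip].append(when)
        elif method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            logins.append((ip, when))
    findings = {}
    for ip, times in probes.items():
        if len(times) < min_probes:
            continue             # a single author-archive request is not a scan
        last = max(times)
        after = sorted({lip for lip, lt in logins if last <= lt <= last + window})
        findings[ip] = {"probes": len(times), "login_ips_after": after}
    return findings

if __name__ == "__main__":
    for ip, info in correlate(SAMPLE_LOG).items():
        print(ip, info)
```
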